Cyber expert: Hillary's press conference did not inspire confidence

Former U.S. Secretary of State Hillary Clinton speaks during a news conference at the United Nations headquarters in New York, March 10, 2015. Clinton said on Tuesday she did not email any classified material to anyone while at the State Department.
REUTERS/Mike Segar
At a press conference on Tuesday, Hillary Clinton told reporters that the private email server she used while working in the State Department "had numerous safeguards" and "there were no security breaches."

The 2016 Democratic presidential frontrunner also said that the personal server "was on property guarded by the Secret Service."

However, the former secretary of state did not provide details about the technical team that oversaw the personal system, which would involve multiple experts constantly looking for hackers if it were a government system.

"We have no idea how she could possibly know that there were no breaches," Alex McGeorge, senior security researcher at Immunity Inc., told Business Insider. "Secretary Clinton is not an expert on cyber security and I don't expect her to be one."

When asked if she had known about the security implications of running her own mail server, she responded by saying that she had never sent nor receieved any classified information using her personal email account.

While this is somewhat comforting, it's not sufficient, according to McGeorge — access to a Secretary of State's inbox, even if it only contains private and non-classified emails, is still worth a "quite a bit" to an adversary.

"Convenience, unfortunately, is often the enemy of security," McGeorge said, responding to Clinton's claim that she had used a personal email account because it was "more convenient" than carrying around two phones. "The secure solution would've been to maintain two devices, one used for personal communication and one not."

Clinton told reporters that the server was set up during her husband Bill's presidential administration, and that Bill had personal emails on that server. For his part, Bill told the Wall Street Journal that he has only sent two emails in his entire life. In any case, doubts remain about the security of the system.

"The solution to this problem," McGeorge said, "is to hold our senior executives to rules they can not circumvent and remove their ability to make poor decisions when it comes to cyber security."